Has anyone seen this or had this occur - Basically they replace the default docs in the wwwroot (index.htm, html, asp, default.htm, html, asp, etc.) with a file with only html and css in it that shows a picture of Homer Simpson and the massage Hacked By Fatal Error and something along the lines of "hey admin take care of server". We saw it on one internal dev server and I am just trying to figure out what is exploited to be able to drop the files on. The only things open are ports 80 and 21 (ftp logs show no activity in over a week), the files in question were created yesterday. I really just want to know that the server itself isn't compromised and this was just a defacing and also prevent it from occurring again. The server is fully patched win2k and we also shut off ftp this morning since usage of it is pretty non-existant anymore since all dev is on-site.
Thanks, Scott ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322826 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4